- From: Honza Bambas <honzab@allpeers.com>
- Date: Mon, 14 Jul 2008 23:18:20 +0200
Ian Hickson wrote: > Many years ago I wrote a draft for how to do full-duplex communication > from a Web page. Over the years we've received much feedback on this > TCPConnection API. I've now completely rewritten the relevant section and > given it a new name, Web Sockets: > > http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#network > > If there are any security issues with this proposal, or if it fails to > achieve its goals (discussed below), or fails to handle a case you care > about, then please don't hesitate to send feedback to the list! > > I am just concern about the way the protocol is specified. When I read the notes it is obvious the communication is actually an HTTP communication. Let's say I am a browser developer. Let's say I have to enhance my already fully armed browser with all the support for HTTP protocol and proxy/HTTP authentication, cookies, fixed many security issues etc. It would be reasonable to use my HTTP implementation and build ws/wss client protocol on top of it. Problem is that spec counts with exact byte compare but my implementation might possibly change headers order or HTTP version (to higher one). This would violate the WHATWG spec but the request according to HTTP protocol would still be correct. This might make the implementation (and therefor also adoption) of this technology more complicated for browser developers. Why exactly is in the spec intention to do exact byte-to-byte match? To allow very easy implementation using scripts? Thanks -hb- -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/04e22853/attachment.htm>
Received on Monday, 14 July 2008 14:18:20 UTC